Brendan
dbc020a745
Merge pull request #19441 from Takahiro-Yoko/cve_2023_0386_priv_esc
...
Land #19441, Add module: Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-26 14:07:17 -05:00
Takah1ro
755830024c
Update exploit binary and remove unnecessary
2024-09-24 08:37:20 +09:00
Takah1ro
75329cc7c7
Add ;
2024-09-24 08:24:24 +09:00
Takah1ro
a10459e772
Formatting exploit
2024-09-24 08:14:21 +09:00
Takahiro Yokoyama
33152bf0ac
Update external/source/exploits/CVE-2023-0386/cve_2023_0386.c
...
Add setuid(0) and setgid(0)
Co-authored-by: Brendan <bwatters@rapid7.com>
2024-09-24 08:03:20 +09:00
Takah1ro
dd932844b6
Remove unused variables
2024-09-09 08:15:08 +09:00
Takah1ro
212c96d195
Add last blank line
2024-09-07 12:29:32 +09:00
Takah1ro
8366252ba2
Not call payload directory
2024-09-07 12:28:40 +09:00
Takah1ro
692531bb87
Call payload directory
2024-09-07 12:16:04 +09:00
Takah1ro
2b63f8bb88
Rename exploit
2024-09-07 10:29:41 +09:00
Takah1ro
fd7321dd3f
Strip_comments
2024-09-06 22:58:31 +09:00
Takahiro Yokoyama
ccc4727dfd
Update external/source/exploits/CVE-2023-0386/exploit.c
...
Avoid recursively deleting files indiscriminately.
Co-authored-by: bcoles <bcoles@gmail.com>
2024-09-06 21:48:29 +09:00
Takah1ro
cd97b08c62
Move C code to separate file
2024-09-06 21:09:39 +09:00
Takah1ro
216590f84a
Add last blank line
2024-09-05 23:00:06 +09:00
Takah1ro
3d20dd6ddf
Add module:
...
Linux Priv Esc (OverlayFS copying bug) CVE-2023-0386
2024-09-05 22:54:55 +09:00
Jack Heysel
7bfd814297
Removed memory polling
2024-08-30 12:52:18 -07:00
Jack Heysel
b011b67f80
Responded to comments
2024-08-29 22:25:20 -07:00
Jack Heysel
b32234382e
Add correct missing file
2024-08-29 18:53:39 -04:00
Jack Heysel
e40f6cb785
Add missing file
2024-08-29 08:38:08 -04:00
Jack Heysel
f6378913c3
Merge branch 'win-kernel-lpe-cve-2024-30038' of github.com:jheysel-r7/metasploit-framework into win-kernel-lpe-cve-2024-30038
2024-08-22 13:07:30 -07:00
Jack Heysel
6689614d8f
Responded to comments
2024-08-22 13:06:29 -07:00
jheysel-r7
bde9fca9e4
Apply suggestions from code review
2024-08-22 02:35:21 -04:00
Jack Heysel
31348dac33
Windows LPE CVE-2024-30088
2024-08-21 23:16:37 -07:00
bwatters
636c72965c
Land #19084, Add CVE-2022-1373 and CVE-2022-2334 exploit chain
...
Merge branch 'land-19084' into upstream-master
2024-07-19 12:22:25 -05:00
Imran E. Dawoodjee
afd4b8af2e
Remove x86 things, include AutoCheck
2024-04-19 22:49:40 +08:00
Imran E. Dawoodjee
6268235cd3
Add CVE-2022-1373 and CVE-2022-2334 exploit chain
2024-04-13 18:10:45 +08:00
Spencer McIntyre
e5635c4bfd
Add source code for Python deserialization gadgets
2024-03-29 09:33:47 -04:00
Spencer McIntyre
86b7ec4518
Address comments from the review
2023-10-12 09:50:19 -04:00
Spencer McIntyre
5a6dc7f9a6
Initial commit of CVE-2023-43654
2023-10-12 09:27:26 -04:00
Christophe De La Fuente
1058291af9
Land #18314, Windows Error Reporting RCE (CVE-2023-36874)
2023-09-27 15:25:06 +02:00
bwatters
be731f330e
Add error checking and randomize the report directory
2023-09-22 14:43:21 -05:00
bwatters
b4a1bb8fa2
Add docs and support for shell sessions; update exe to work without runtime lib.
2023-09-19 17:50:18 -05:00
Simon Janusz
8b56dc0117
Land #18250, CVE-2023-28252: Windows CLFS Driver Privilege Escalation
2023-09-14 10:18:29 +01:00
bwatters
91e7af4370
Added check, some stealth, and cleaned code
2023-09-05 14:29:13 -05:00
bwatters
c69e983b30
Add module to create directory structures and upload/run exploit
2023-08-25 15:41:25 -05:00
bwatters
c05582267c
Placeholder for VE-2023-36874
2023-08-23 20:13:03 -05:00
Jack Heysel
97dd22032c
Responded to comments, improved stability
2023-08-21 19:20:25 -04:00
Jack Heysel
bcfc892195
General code clean up
2023-08-04 14:27:14 -04:00
Jack Heysel
30b824d8ab
external sources
2023-08-02 19:33:25 -04:00
adfoster-r7
9a40e2612b
Land #17129, Add OSX Aarch64 Payload support
2023-08-02 18:37:56 +01:00
adfoster-r7
89cd524acb
Update osx templates makefile and compile binaries
2023-08-02 01:26:18 +01:00
usiegl00
c028d33cae
Update OSX AARCH64 Stager
...
This fixes an issue with the stager size in the osx aarch64 payloads. It
also adds the source and Makefile for template_aarch64_darwin.bin
2023-07-31 20:30:30 -07:00
usiegl00
9019b51eaa
Update AARCH64 Shellcode Generation
...
This updates the aarch64 payloads to include comments with the
corresponding instructions for each little-endian integer. It also fixes
the debug output for x64 payloads under rosetta.
2023-07-29 08:26:56 -07:00
bwatters
b15d595de2
Adjust files to be better shared
2023-07-14 12:47:04 -05:00
Ashley Donaldson
6772740f86
Fix bug in HostingCLR relating to the first argument passed to a dotnet assembly.
2023-06-28 09:24:33 +10:00
Ashley Donaldson
afe359281c
Remove manual signature handling, and figure it out for the user.
2023-06-28 09:22:01 +10:00
Ashley Donaldson
65a4dd3c39
Change ETW bypass method, so that CLR memory can be freed.
...
Fixed a crash and broken logic in hosting clr code.
2023-06-26 09:54:00 +10:00
Ashley Donaldson
977f8732c6
Fix cleanup code.
...
The _AppDomainPtr, _AssemblyPtr and _MethodInfoPtr variables are COM smart pointers which will auto-Release() when they go out of scope, so we should not directly Release() them.
2023-06-23 14:01:45 +10:00
Ashley Donaldson
a7ce4c7fa8
Free memory from the C++ side, rather than the Ruby side.
2023-06-23 09:57:53 +10:00
Ashley Donaldson
6e438d338e
Modify execute_dotnet_assembly to run in existing processes (including our own process) and receive output.
2023-06-21 12:04:09 +10:00